Themis Consultancy

Features | 09/02/22

Owing to the strains anticipated on households this coming year, 2022 has been named “the Year of the Squeeze” by the Resolution Foundation (an independent think-tank focused on improving living standards for those on low to middle incomes).

This comes as no surprise as the new social care levy is applied to national insurance contributions, personal tax allowances are frozen and inflation is high. These together with soaring energy prices, with some predicting annual household energy bills rising to above £2000, is likely to mean that many borrowers, and more specifically those who are vulnerable, may be impacted.

As we all know, February doesn’t just see the review of the energy price cap, it also marks the one-year anniversary of the FCA’s Guidance for firms on the fair treatment of vulnerable customers FG21/1 (“the Guidance”).

It is assumed most lenders will have given the Guidance the priority it deserves, not least because of the FCA’s “warning” at paragraph 1.8 where the FCA states, “This [vulnerability] Guidance is issued under section 139A of the Financial Services and Markets Act 2000 as guidance on our Principles for Businesses (the Principles). It sets out our view of what firms should do to comply with their obligations under the Principles and ensure they treat vulnerable customers fairly.”

The message here is very clear – if you don’t follow the Guidance, you will be in breach of the Principles. This reference to the Principles re-affirms the importance we all know the FCA places on conduct more broadly. So what does that mean for firms and their senior managers?

The Senior Mangers & Certification Regime unquestionably seeks to improve conduct and governance via clear accountability. Therefore, senior managers whose statements of responsibility include vulnerability (and who therefore have of a duty of responsibility to take reasonable steps to prevent or stop breaches from occurring) need to satisfy themselves they have reviewed the Guidance and are confident that their firm is complying with the obligations set out within it.

In the event the accountable senior manager cannot evidence they acted in accordance with the Guidance, it may be open to the FCA (on whom the burden of proof lies) to conclude that there has been a breach of the Principles, and/or that the senior manager did not take steps to avoid the misconduct occurring or continuing.

The FCA’s Feedback Statement FS21/4 published in February 2021 sets out the FCA’s intention to evaluate firms against the Guidance during the period 2023-24. The FCA states that it will look to see what action firms have taken and to establish whether there have been improvements in the outcomes experienced by vulnerable consumers.

It is likely that this may start with the FCA simply requesting a copy of the firm’s vulnerability policy to assess when it was last reviewed and updated. That isn’t to say that this is all firms need to do. Depending on the risk perceived by the FCA, it’s possible that the FCA may well ask firms to demonstrate, through evidence, how they have considered the Guidance and what steps firms have taken in considering each of the following elements (“the what”):

• Have you identified all different types of vulnerabilities within your customer base?

• Do you understand the needs of the customers within each of these cohorts?

• Do your staff have the skills and capability to identify and properly deal with these?

• Have you reviewed whether your product and/or service design supports and/or mitigates risk arising from each vulnerability type?

• Does your approach to customer service need to adapt to meet the different needs of the different vulnerabilities identified?

• Have you adequate systems and controls in place to identify, monitor and evaluate whether your rationale and approach continues to ensure the fair treatment of vulnerable customers?
• Do your customer communications need to be tailored to meet the different needs of the different vulnerabilities identified?

• Have you ensured any sensitive data considerations have been adequately provided for?


The first steps for firms, if they haven’t already done so, is to undertake a gap analysis against these key elements (“the how”):

• Consider your customer base/target market in order to identify the different types of customer vulnerabilities

• Determine how best to prevent and/or reduce the potential for unfair outcomes for customers who may be impacted by these vulnerabilities

• Assess the understanding and training needs of your staff

• Establish whether adequate consideration of these vulnerabilities have been given when designing/developing products and services

• Review customer service practices/approach to ensure they support the spirit of the guidance, encouraging direct and indirect disclosures and identification, etc

• Revise where appropriate your communication strategy applying a pragmatic vulnerability lens.


Once firms have identified any gaps or improvements in their approach it is imperative that they address these and moving forward have robust systems and controls in place to monitor and evaluate the fair treatment of customers through oversight, data analysis and outcomes testing.

Themis Consultancy has vast experience in undertaking gap analysis exercises and can offer practical suggestions as to how firms might approach monitoring, evaluation, oversight and outcomes testing.